Public/VeraCrypt
1
0
Fork 0
mirror of https://github.com/veracrypt/VeraCrypt.git synced 2025-11-11 11:08:02 -06:00
Code Activity

Windows: Fix regression in Expander and Format when RAM encryption is enable that was causing volume headers to be corrupted.

Browse Source
This commit is contained in:
Mounir IDRASSI
2020-01-22 11:46:37 +01:00
parent 56775af8d7
commit be1aee0034
5 changed files with 217 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
src/Common/Fat.c
View File

@@ -394,6 +394,8 @@ FormatFat (void* hwndDlgPtr, unsigned __int64 startSector, fatparams * ft, void
if(!quickFormat) if(!quickFormat)
{ {
CRYPTO_INFO tmpCI;
if (!FlushFormatWriteBuffer (dev, write_buf, &write_buf_cnt, &nSecNo, cryptoInfo)) if (!FlushFormatWriteBuffer (dev, write_buf, &write_buf_cnt, &nSecNo, cryptoInfo))
goto fail; goto fail;
@@ -402,23 +404,41 @@ FormatFat (void* hwndDlgPtr, unsigned __int64 startSector, fatparams * ft, void
deniability of hidden volumes (and also reduces the amount of predictable plaintext deniability of hidden volumes (and also reduces the amount of predictable plaintext
within the volume). */ within the volume). */
VirtualLock (&tmpCI, sizeof (tmpCI));
memcpy (&tmpCI, cryptoInfo, sizeof (CRYPTO_INFO));
cryptoInfo = &tmpCI;
// Temporary master key // Temporary master key
if (!RandgetBytes (hwndDlg, temporaryKey, EAGetKeySize (cryptoInfo->ea), FALSE)) if (!RandgetBytes (hwndDlg, temporaryKey, EAGetKeySize (cryptoInfo->ea), FALSE))
{
burn (&tmpCI, sizeof (tmpCI));
VirtualUnlock (&tmpCI, sizeof (tmpCI));
goto fail; goto fail;
}
// Temporary secondary key (XTS mode) // Temporary secondary key (XTS mode)
if (!RandgetBytes (hwndDlg, cryptoInfo->k2, sizeof cryptoInfo->k2, FALSE)) if (!RandgetBytes (hwndDlg, cryptoInfo->k2, sizeof cryptoInfo->k2, FALSE))
{
burn (&tmpCI, sizeof (tmpCI));
VirtualUnlock (&tmpCI, sizeof (tmpCI));
goto fail; goto fail;
}
retVal = EAInit (cryptoInfo->ea, temporaryKey, cryptoInfo->ks); retVal = EAInit (cryptoInfo->ea, temporaryKey, cryptoInfo->ks);
if (retVal != ERR_SUCCESS) if (retVal != ERR_SUCCESS)
{ {
TCfree (write_buf);
burn (temporaryKey, sizeof(temporaryKey)); burn (temporaryKey, sizeof(temporaryKey));
burn (&tmpCI, sizeof (tmpCI));
VirtualUnlock (&tmpCI, sizeof (tmpCI));
return retVal; return retVal;
} }
if (!EAInitMode (cryptoInfo, cryptoInfo->k2)) if (!EAInitMode (cryptoInfo, cryptoInfo->k2))
{ {
TCfree (write_buf);
burn (temporaryKey, sizeof(temporaryKey)); burn (temporaryKey, sizeof(temporaryKey));
burn (&tmpCI, sizeof (tmpCI));
VirtualUnlock (&tmpCI, sizeof (tmpCI));
return ERR_MODE_INIT_FAILED; return ERR_MODE_INIT_FAILED;
} }
@@ -430,12 +450,24 @@ FormatFat (void* hwndDlgPtr, unsigned __int64 startSector, fatparams * ft, void
goto fail; goto fail;
} }
UpdateProgressBar (nSecNo * ft->sector_size); UpdateProgressBar (nSecNo * ft->sector_size);
if (!FlushFormatWriteBuffer (dev, write_buf, &write_buf_cnt, &nSecNo, cryptoInfo))
{
burn (&tmpCI, sizeof (tmpCI));
VirtualUnlock (&tmpCI, sizeof (tmpCI));
goto fail;
}
burn (&tmpCI, sizeof (tmpCI));
VirtualUnlock (&tmpCI, sizeof (tmpCI));
} }
else else
{
UpdateProgressBar ((uint64) ft->num_sectors * ft->sector_size); UpdateProgressBar ((uint64) ft->num_sectors * ft->sector_size);
if (!FlushFormatWriteBuffer (dev, write_buf, &write_buf_cnt, &nSecNo, cryptoInfo)) if (!FlushFormatWriteBuffer (dev, write_buf, &write_buf_cnt, &nSecNo, cryptoInfo))
goto fail; goto fail;
}
TCfree (write_buf); TCfree (write_buf);
burn (temporaryKey, sizeof(temporaryKey)); burn (temporaryKey, sizeof(temporaryKey));

72
src/Common/Format.c
View File

@@ -100,6 +100,10 @@ int TCFormatVolume (volatile FORMAT_VOL_PARAMETERS *volParams)
LARGE_INTEGER offset; LARGE_INTEGER offset;
BOOL bFailedRequiredDASD = FALSE; BOOL bFailedRequiredDASD = FALSE;
HWND hwndDlg = volParams->hwndDlg; HWND hwndDlg = volParams->hwndDlg;
#ifdef _WIN64
CRYPTO_INFO tmpCI;
PCRYPTO_INFO cryptoInfoBackup = NULL;
#endif
FormatSectorSize = volParams->sectorSize; FormatSectorSize = volParams->sectorSize;
@@ -574,6 +578,17 @@ begin_format:
goto error; goto error;
} }
#ifdef _WIN64
if (IsRamEncryptionEnabled ())
{
VirtualLock (&tmpCI, sizeof (tmpCI));
memcpy (&tmpCI, cryptoInfo, sizeof (CRYPTO_INFO));
VcUnprotectKeys (&tmpCI, VcGetEncryptionID (cryptoInfo));
cryptoInfoBackup = cryptoInfo;
cryptoInfo = &tmpCI;
}
#endif
nStatus = CreateVolumeHeaderInMemory (hwndDlg, FALSE, nStatus = CreateVolumeHeaderInMemory (hwndDlg, FALSE,
header, header,
volParams->ea, volParams->ea,
@@ -592,6 +607,15 @@ begin_format:
FormatSectorSize, FormatSectorSize,
FALSE); FALSE);
#ifdef _WIN64
if (IsRamEncryptionEnabled ())
{
cryptoInfo = cryptoInfoBackup;
burn (&tmpCI, sizeof (CRYPTO_INFO));
VirtualUnlock (&tmpCI, sizeof (tmpCI));
}
#endif
if (!WriteEffectiveVolumeHeader (volParams->bDevice, dev, header)) if (!WriteEffectiveVolumeHeader (volParams->bDevice, dev, header))
{ {
nStatus = ERR_OS_ERROR; nStatus = ERR_OS_ERROR;
@@ -603,8 +627,28 @@ begin_format:
{ {
BOOL bUpdateBackup = FALSE; BOOL bUpdateBackup = FALSE;
#ifdef _WIN64
if (IsRamEncryptionEnabled ())
{
VirtualLock (&tmpCI, sizeof (tmpCI));
memcpy (&tmpCI, cryptoInfo, sizeof (CRYPTO_INFO));
VcUnprotectKeys (&tmpCI, VcGetEncryptionID (cryptoInfo));
cryptoInfoBackup = cryptoInfo;
cryptoInfo = &tmpCI;
}
#endif
nStatus = WriteRandomDataToReservedHeaderAreas (hwndDlg, dev, cryptoInfo, dataAreaSize, FALSE, FALSE); nStatus = WriteRandomDataToReservedHeaderAreas (hwndDlg, dev, cryptoInfo, dataAreaSize, FALSE, FALSE);
#ifdef _WIN64
if (IsRamEncryptionEnabled ())
{
cryptoInfo = cryptoInfoBackup;
burn (&tmpCI, sizeof (CRYPTO_INFO));
VirtualUnlock (&tmpCI, sizeof (tmpCI));
}
#endif
if (nStatus != ERR_SUCCESS) if (nStatus != ERR_SUCCESS)
goto error; goto error;
@@ -794,6 +838,10 @@ int FormatNoFs (HWND hwndDlg, unsigned __int64 startSector, __int64 num_sectors,
LARGE_INTEGER startOffset; LARGE_INTEGER startOffset;
LARGE_INTEGER newOffset; LARGE_INTEGER newOffset;
#ifdef _WIN64
CRYPTO_INFO tmpCI;
#endif
// Seek to start sector // Seek to start sector
startOffset.QuadPart = startSector * FormatSectorSize; startOffset.QuadPart = startSector * FormatSectorSize;
if (!SetFilePointerEx ((HANDLE) dev, startOffset, &newOffset, FILE_BEGIN) if (!SetFilePointerEx ((HANDLE) dev, startOffset, &newOffset, FILE_BEGIN)
@@ -811,6 +859,16 @@ int FormatNoFs (HWND hwndDlg, unsigned __int64 startSector, __int64 num_sectors,
memset (sector, 0, sizeof (sector)); memset (sector, 0, sizeof (sector));
#ifdef _WIN64
if (IsRamEncryptionEnabled ())
{
VirtualLock (&tmpCI, sizeof (tmpCI));
memcpy (&tmpCI, cryptoInfo, sizeof (CRYPTO_INFO));
VcUnprotectKeys (&tmpCI, VcGetEncryptionID (cryptoInfo));
cryptoInfo = &tmpCI;
}
#endif
// Remember the original secondary key (XTS mode) before generating a temporary one // Remember the original secondary key (XTS mode) before generating a temporary one
memcpy (originalK2, cryptoInfo->k2, sizeof (cryptoInfo->k2)); memcpy (originalK2, cryptoInfo->k2, sizeof (cryptoInfo->k2));
@@ -873,6 +931,13 @@ int FormatNoFs (HWND hwndDlg, unsigned __int64 startSector, __int64 num_sectors,
VirtualUnlock (temporaryKey, sizeof (temporaryKey)); VirtualUnlock (temporaryKey, sizeof (temporaryKey));
VirtualUnlock (originalK2, sizeof (originalK2)); VirtualUnlock (originalK2, sizeof (originalK2));
TCfree (write_buf); TCfree (write_buf);
#ifdef _WIN64
if (IsRamEncryptionEnabled ())
{
burn (&tmpCI, sizeof (CRYPTO_INFO));
VirtualUnlock (&tmpCI, sizeof (tmpCI));
}
#endif
return 0; return 0;
@@ -884,6 +949,13 @@ fail:
VirtualUnlock (temporaryKey, sizeof (temporaryKey)); VirtualUnlock (temporaryKey, sizeof (temporaryKey));
VirtualUnlock (originalK2, sizeof (originalK2)); VirtualUnlock (originalK2, sizeof (originalK2));
TCfree (write_buf); TCfree (write_buf);
#ifdef _WIN64
if (IsRamEncryptionEnabled ())
{
burn (&tmpCI, sizeof (CRYPTO_INFO));
VirtualUnlock (&tmpCI, sizeof (tmpCI));
}
#endif
SetLastError (err); SetLastError (err);
return (retVal ? retVal : ERR_OS_ERROR); return (retVal ? retVal : ERR_OS_ERROR);

43
src/ExpandVolume/ExpandVolume.c
View File

@@ -512,6 +512,10 @@ static int ExpandVolume (HWND hwndDlg, wchar_t *lpszVolume, Password *pVolumePas
BOOL backupHeader; BOOL backupHeader;
byte *wipeBuffer = NULL; byte *wipeBuffer = NULL;
uint32 workChunkSize = TC_VOLUME_HEADER_GROUP_SIZE; uint32 workChunkSize = TC_VOLUME_HEADER_GROUP_SIZE;
#ifdef _WIN64
CRYPTO_INFO tmpCI;
PCRYPTO_INFO cryptoInfoBackup = NULL;
#endif
if (pVolumePassword->Length == 0) return -1; if (pVolumePassword->Length == 0) return -1;
@@ -851,6 +855,17 @@ static int ExpandVolume (HWND hwndDlg, wchar_t *lpszVolume, Password *pVolumePas
else else
DebugAddProgressDlgStatus(hwndDlg, L"Writing re-encrypted primary header ...\r\n"); DebugAddProgressDlgStatus(hwndDlg, L"Writing re-encrypted primary header ...\r\n");
#ifdef _WIN64
if (IsRamEncryptionEnabled ())
{
VirtualLock (&tmpCI, sizeof (CRYPTO_INFO));
memcpy (&tmpCI, cryptoInfo, sizeof (CRYPTO_INFO));
VcUnprotectKeys (&tmpCI, VcGetEncryptionID (cryptoInfo));
cryptoInfoBackup = cryptoInfo;
cryptoInfo = &tmpCI;
}
#endif
// Prepare new volume header // Prepare new volume header
nStatus = CreateVolumeHeaderInMemory (hwndDlg, FALSE, nStatus = CreateVolumeHeaderInMemory (hwndDlg, FALSE,
buffer, buffer,
@@ -870,6 +885,15 @@ static int ExpandVolume (HWND hwndDlg, wchar_t *lpszVolume, Password *pVolumePas
cryptoInfo->SectorSize, cryptoInfo->SectorSize,
FALSE ); // use slow poll FALSE ); // use slow poll
#ifdef _WIN64
if (IsRamEncryptionEnabled ())
{
cryptoInfo = cryptoInfoBackup;
burn (&tmpCI, sizeof (CRYPTO_INFO));
VirtualUnlock (&tmpCI, sizeof (CRYPTO_INFO));
}
#endif
if (ci != NULL) if (ci != NULL)
crypto_close (ci); crypto_close (ci);
@@ -901,7 +925,26 @@ static int ExpandVolume (HWND hwndDlg, wchar_t *lpszVolume, Password *pVolumePas
PCRYPTO_INFO dummyInfo = NULL; PCRYPTO_INFO dummyInfo = NULL;
LARGE_INTEGER hiddenOffset; LARGE_INTEGER hiddenOffset;
#ifdef _WIN64
if (IsRamEncryptionEnabled ())
{
VirtualLock (&tmpCI, sizeof (CRYPTO_INFO));
memcpy (&tmpCI, cryptoInfo, sizeof (CRYPTO_INFO));
VcUnprotectKeys (&tmpCI, VcGetEncryptionID (cryptoInfo));
cryptoInfoBackup = cryptoInfo;
cryptoInfo = &tmpCI;
}
#endif
nStatus = WriteRandomDataToReservedHeaderAreas (hwndDlg, dev, cryptoInfo, newDataAreaSize, !backupHeader, backupHeader); nStatus = WriteRandomDataToReservedHeaderAreas (hwndDlg, dev, cryptoInfo, newDataAreaSize, !backupHeader, backupHeader);
#ifdef _WIN64
if (IsRamEncryptionEnabled ())
{
cryptoInfo = cryptoInfoBackup;
burn (&tmpCI, sizeof (CRYPTO_INFO));
VirtualUnlock (&tmpCI, sizeof (CRYPTO_INFO));
}
#endif
if (nStatus != ERR_SUCCESS) if (nStatus != ERR_SUCCESS)
goto error; goto error;

27
src/ExpandVolume/InitDataArea.c
View File

@@ -56,6 +56,9 @@ int FormatNoFs (HWND hwndDlg, unsigned __int64 startSector, __int64 num_sectors,
LARGE_INTEGER startOffset; LARGE_INTEGER startOffset;
LARGE_INTEGER newOffset; LARGE_INTEGER newOffset;
#ifdef _WIN64
CRYPTO_INFO tmpCI;
#endif
// Seek to start sector // Seek to start sector
startOffset.QuadPart = startSector * FormatSectorSize; startOffset.QuadPart = startSector * FormatSectorSize;
@@ -74,6 +77,16 @@ int FormatNoFs (HWND hwndDlg, unsigned __int64 startSector, __int64 num_sectors,
memset (sector, 0, sizeof (sector)); memset (sector, 0, sizeof (sector));
#ifdef _WIN64
if (IsRamEncryptionEnabled ())
{
VirtualLock (&tmpCI, sizeof (tmpCI));
memcpy (&tmpCI, cryptoInfo, sizeof (CRYPTO_INFO));
VcUnprotectKeys (&tmpCI, VcGetEncryptionID (cryptoInfo));
cryptoInfo = &tmpCI;
}
#endif
// Remember the original secondary key (XTS mode) before generating a temporary one // Remember the original secondary key (XTS mode) before generating a temporary one
memcpy (originalK2, cryptoInfo->k2, sizeof (cryptoInfo->k2)); memcpy (originalK2, cryptoInfo->k2, sizeof (cryptoInfo->k2));
@@ -136,6 +149,13 @@ int FormatNoFs (HWND hwndDlg, unsigned __int64 startSector, __int64 num_sectors,
VirtualUnlock (temporaryKey, sizeof (temporaryKey)); VirtualUnlock (temporaryKey, sizeof (temporaryKey));
VirtualUnlock (originalK2, sizeof (originalK2)); VirtualUnlock (originalK2, sizeof (originalK2));
TCfree (write_buf); TCfree (write_buf);
#ifdef _WIN64
if (IsRamEncryptionEnabled ())
{
burn (&tmpCI, sizeof (CRYPTO_INFO));
VirtualUnlock (&tmpCI, sizeof (tmpCI));
}
#endif
return 0; return 0;
@@ -147,6 +167,13 @@ fail:
VirtualUnlock (temporaryKey, sizeof (temporaryKey)); VirtualUnlock (temporaryKey, sizeof (temporaryKey));
VirtualUnlock (originalK2, sizeof (originalK2)); VirtualUnlock (originalK2, sizeof (originalK2));
TCfree (write_buf); TCfree (write_buf);
#ifdef _WIN64
if (IsRamEncryptionEnabled ())
{
burn (&tmpCI, sizeof (CRYPTO_INFO));
VirtualUnlock (&tmpCI, sizeof (tmpCI));
}
#endif
SetLastError (err); SetLastError (err);
return (retVal ? retVal : ERR_OS_ERROR); return (retVal ? retVal : ERR_OS_ERROR);

41
src/Format/InPlace.c
View File

@@ -1097,6 +1097,19 @@ inplace_enc_read:
{ {
PCRYPTO_INFO dummyInfo = NULL; PCRYPTO_INFO dummyInfo = NULL;
#ifdef _WIN64
CRYPTO_INFO tmpCI;
PCRYPTO_INFO cryptoInfoBackup = NULL;
if (IsRamEncryptionEnabled ())
{
VirtualLock (&tmpCI, sizeof(tmpCI));
memcpy (&tmpCI, masterCryptoInfo, sizeof (CRYPTO_INFO));
VcUnprotectKeys (&tmpCI, VcGetEncryptionID (masterCryptoInfo));
cryptoInfoBackup = masterCryptoInfo;
masterCryptoInfo = &tmpCI;
}
#endif
nStatus = CreateVolumeHeaderInMemory (hwndDlg, FALSE, nStatus = CreateVolumeHeaderInMemory (hwndDlg, FALSE,
header, header,
headerCryptoInfo->ea, headerCryptoInfo->ea,
@@ -1115,6 +1128,15 @@ inplace_enc_read:
masterCryptoInfo->SectorSize, masterCryptoInfo->SectorSize,
wipeAlgorithm == TC_WIPE_NONE ? FALSE : (wipePass < PRAND_HEADER_WIPE_PASSES - 1)); wipeAlgorithm == TC_WIPE_NONE ? FALSE : (wipePass < PRAND_HEADER_WIPE_PASSES - 1));
#ifdef _WIN64
if (IsRamEncryptionEnabled ())
{
masterCryptoInfo = cryptoInfoBackup;
burn (&tmpCI, sizeof (CRYPTO_INFO));
VirtualUnlock (&tmpCI, sizeof(tmpCI));
}
#endif
if (nStatus != ERR_SUCCESS) if (nStatus != ERR_SUCCESS)
goto closing_seq; goto closing_seq;
@@ -1128,9 +1150,28 @@ inplace_enc_read:
goto closing_seq; goto closing_seq;
} }
#ifdef _WIN64
if (IsRamEncryptionEnabled ())
{
VirtualLock (&tmpCI, sizeof(tmpCI));
memcpy (&tmpCI, headerCryptoInfo, sizeof (CRYPTO_INFO));
VcUnprotectKeys (&tmpCI, VcGetEncryptionID (headerCryptoInfo));
cryptoInfoBackup = headerCryptoInfo;
headerCryptoInfo = &tmpCI;
}
#endif
// Fill the reserved sectors of the header area with random data // Fill the reserved sectors of the header area with random data
nStatus = WriteRandomDataToReservedHeaderAreas (hwndDlg, dev, headerCryptoInfo, masterCryptoInfo->VolumeSize.Value, TRUE, FALSE); nStatus = WriteRandomDataToReservedHeaderAreas (hwndDlg, dev, headerCryptoInfo, masterCryptoInfo->VolumeSize.Value, TRUE, FALSE);
#ifdef _WIN64
if (IsRamEncryptionEnabled ())
{
headerCryptoInfo = cryptoInfoBackup;
burn (&tmpCI, sizeof (CRYPTO_INFO));
VirtualUnlock (&tmpCI, sizeof(tmpCI));
}
#endif
if (nStatus != ERR_SUCCESS) if (nStatus != ERR_SUCCESS)
goto closing_seq; goto closing_seq;